[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: monitoring tor-traffic

To: or-talk@xxxxxxxxxxxxx
Subject: Re: monitoring tor-traffic
From: "Jonathan Addington" <madjon@xxxxxxxxx>
Date: Thu, 10 Apr 2008 16:54:06 -0500
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Thu, 10 Apr 2008 17:54:13 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; bh=xCgyeaaTHDk1bfHfBOQ89DwcZwbCnhwWRuhJhpsk9EI=; b=qejsR0TlDk7ls8u0oVyWzaEXAMJN/GPWxZe/Ard8dWcW523SnVmQBT9sQbEp1qaIVSqOf6yS+LkunN/WosRZR83HBtzKaKJ9lxkiy+UdZ/oai3yVxKG8Z1yDQ2Y486g17zHIdjLUCYpvxA2fqd2+RoFInm/0xLIk9XvCupZ09SE=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=tyQICkd4mOT3ITbPpLddGPNiRdPk9zGxdfu/xd/jYFeJCJu+4VITETdzsto21dq8RaGDybOVV85j47WsFCS2md9MlAXZRR3HGWh8y74+UT/Wg6exuBVBfg3ijDa/OSzJL3Z/elAxQLZZmepvP2FDWFFdr8iKOweiVXiUO2MEi6o=
In-reply-to: <20080410213144.GA8863@xxxxxxxxxxxxxxxxxxxxxx>
References: <20080410160906.GA5809@xxxxxxxxxxxxxxxxxxxxxx> <1da45f2a0804101341m5bb8af1an50191bc8f78f6c5f@xxxxxxxxxxxxxx> <20080410213144.GA8863@xxxxxxxxxxxxxxxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx

On Thu, Apr 10, 2008 at 4:31 PM, sigi <dugongs@xxxxxx> wrote:
>
> On Thu, Apr 10, 2008 at 03:41:45PM -0500, Jonathan Addington wrote:
> >> On Thu, Apr 10, 2008 at 11:09 AM, sigi <dugongs@xxxxxx> wrote:
> >>
>
> >> for a year or so, I was running a Tor-middleman-relay, and the
> >> monitoring-sites on the net were fine for me.
> >>
> >> Now I switched to a bridge-relay and was thinking about how to monitor
> >> the connections and traffic going through it.
> >>
> >> I found a plugin for munin, as mentioned here
> >> <http://archives.seul.org/or/talk/Jun-2006/msg00024.html>
> >> but this doesn't work, the plugin exits with errors.
> >>
> >> Now I'd like to get any information, how I can easily monitor my
> >> tor-relay: How many connections and how many traffic goes through it.
>
>
> > What OS and router (if you have one) are you running?
>
> It's Debian etch running on a vserver
>

To get an idea of the total number of connections you can run "lsof
-iTCP" which will list *all* TCP connections. E.g., :

evince     5338     madjon   56u  IPv4 2899806       TCP
beijing.local:48037->py-in-f19.google.com:https (CLOSE_WAIT)
tor       12056 debian-tor    4u  IPv4 5236063       TCP
beijing.local:33000->e82-103-209-231.elisa-laajakaista.fi:21209
(ESTABLISHED)
tor       12056 debian-tor    7u  IPv4   19749       TCP
beijing.local:9001 (LISTEN)

If Tor is running as its own user (as is generally encouraged) you can
run "lsof -iTCP|grep tor-user" (which would remove "evince" above, or
apache, vnc, or any other program that uses tcp). "lsof -iTCP|grep
tor-user|wc -l" will give you an actually count, which will also
include outgoing connections, which will increase the number if you
are running an exit server. To narrow things down more you could run
"lsof -iTCP|grep tor-user|grep 9001|wc -l" where 9001 is whatever port
Tor actually takes connections on, which should give you a good idea
of the number of nodes you are connected to.

To monitor bandwidth you can use a program such as mrtg or bmon.

You should know that it can take a very long time to list all
connections if you have had Tor running for any significant amount of
time. With a cable modem this process takes me several minutes. There
are other ways to measure connections/bandwidth as well, along with
more precisely monitoring Tor (although this method works fairly
well).

With three computers on my network, presently there are 1369 outgoing
connections, 1342* of which are Tor, taking up 206kbit/s of (outgoing)
bandwidth. As my outgoing bandwidth is lower than my incoming I can be
fairly certain that Tor is running *about* the same in incoming
bandwidth.

I hope this helps and is not too verbose. I was going to let someone
with more Tor experience respond, but it wasn't coming fast.

-madjon

*These are not all necessarily active connections, running "lsof
-iTCP|grep debian-tor|wc -l" gave me 681 connections and took 11
minutes to complete.

-- 
madjon@xxxxxxxxx

Follow-Ups:
- Re: monitoring tor-traffic
  - From: sigi

References:
- monitoring tor-traffic
  - From: sigi
- Re: monitoring tor-traffic
  - From: Jonathan Addington
- Re: monitoring tor-traffic
  - From: sigi

Prev by Author: Re: monitoring tor-traffic
Next by Author: Re: Smallest cheapest device to run a tor home server?
Previous by thread: Re: monitoring tor-traffic
Next by thread: Re: monitoring tor-traffic
Index(es):
- Author
- Thread